I'm reading "The Wizard and the Prophet" and see them as the extreme viewpoints of an answer; one campaigning for one side of the solution, the other one advocating the opposite; bouncing us back and forth between extremes, getting no closer to a workable answer.
Tuesday, March 21, 2023
Sunday, August 20, 2017
Net-SNMP on Windows with SSL
Recently, I found my older Windows version (5.2.2) of the Net-SNMP tools didn't have support for AES privacy protocol for SNMPv3 when I tried to use it. I grabbed the latest pre-compiled Windows binaries (5.6.1.1) from the site and found they didn't have AES support either. After some reading, I found I needed OpenSSL DLLs and old ones at that - version 0.98. This wasn't going to work; I was going to need to compile this myself.
I tried with MinGW included with Strawberry Perl, but 'gmake.exe' kept giving errors. Now I needed Microsoft Visual Studio Community and some help.
Friday, May 12, 2017
Digital Disruption in Service Providers
Every industry can be digitally disrupted - even those that claim to provide the very digital transformation enterprises so desperately seek.
The true benefit of software-defined networking is not separation of control plane and data plane - that doesn't work at scale. It's not easier centralized control and the end of command line with more fancy acronyms like YANG, XML-RPC and REST APIs. The "revolutionary" idea is the separation of the network layer into physical connectivity and logical connectivity. I quote "revolutionary" as tongue-in-cheek - the OSI model always had a separate physical layer and network layer, but in the long move from circuits to fully-managed, bundled MPLS, we seem to have forgotten that.
Wednesday, May 10, 2017
DNS PII UH-OH
A seemingly normal DNS packet:
```
ETH: dst:98:76:54:32:10:ab src:ab:cd:ef:12:34:56 type:0x0800
IPv4: version:4 hlen:5 tos:0x00 length:190 id:44821
IPv4: flags:0x00 offset:0 ttl:128 protocol:0x11 checksum:0xb060
IPv4: src:8.8.8.8 dst:192.168.10.1
UDP: src:53 dst:13245 length:170 checksum:0x8756
DNS: id:21817 qr:1 opcode:0 flags:0x18 rcode:0
DNS: qdCount:1 anCount:4
DNS: nsCount:0 arCount:0
DNS::Question: name:www.www.com
DNS::Question: type:1 class:1
DNS::RR: name:www.www.com
DNS::RR: type:5 class:1 ttl:64 rdlength:16
DNS::RR::CNAME: cname:www.Johnny.com
DNS::RR: name:www.www.com
DNS::RR: type:5 class:1 ttl:64 rdlength:17
DNS::RR::CNAME: cname:www.Fingers.com
DNS::RR: name:www.www.com
DNS::RR: type:1 class:1 ttl:64 rdlength:4
DNS::RR::A: address:25.7.42.197
DNS::RR: name:www.www.com
DNS::RR: type:1 class:1 ttl:64 rdlength:4
DNS::RR::A: address:73.156.82.200
```
But upon some decoding ...
Thursday, May 04, 2017
Net::SSH2 Upgrade Access to Cisco
I upgraded my Strawberry Perl to 5.24 and my GNS3 test lab for SSH access via CRAPPS suddenly didn't work.
Knowing the Perl version changed, I checked and the Net::SSH2 version changed (0.58 to 0.63). Troubleshooting was pretty easy - just a quick Perl script to open a connection and die on failure with error:
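```perl
#!perl
use strict;
use warnings;
use Net::SSH2;

# Open a bare SSH transport to the lab router; no authentication is attempted.
my $ssh2 = Net::SSH2->new();
# die_with_error reports the libssh2 error code and message on failure.
$ssh2->connect('10.254.254.1') or $ssh2->die_with_error;
print "Success\n";
```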
The error was: Unable to exchange encryption keys (-8 LIBSSH2_ERROR_KEY_EXCHANGE_FAILURE). OK, so I said troubleshooting was easy ... the solution ... maybe not so much?
Tuesday, September 13, 2016
Technology Themes
In my career of technology consulting, projects over the years have been driven by some high level themes regardless of:
- the technology (i.e., network design, management, security, etc.),
- the domain (i.e., local, wide-area, data center, etc.),
- or the customer (i.e., retail, healthcare, banking, etc.)
To summarize roughly by decade:
| Decade | Theme |
|---|---|
| 1980s | Technology Evangelism |
| 1990s | Technology Deployment |
| 2000s | Technology Evaluation |
| 2010s | Technology Justification |
I haven't been in information technology for that long,
Wednesday, September 07, 2016
IT Leadership
A CEO has a decision - who to lead IT now that the current CIO is leaving due to many failed projects and a general perception that the company's use of technology is falling behind.
The background: the company has business and department leaders housed in mahogany offices on the top floor of its fancy headquarters. They've identified that collaboration is the issue - too many decisions are being made in a bubble without the appropriate input from across the business. This is why the last few technology projects have failed and they cannot afford another failure. Current collaboration technology includes Lotus Notes email, no instant messaging, an old analogue phone system and no video conferencing.
The CEO has three choices to fill the role:
- The technology wizard - vast experience with the company's IT systems and all relevant vendor / industry certifications.
- The MBA graduate - business undergrad with an MBA focusing on Information Systems management, hired two years ago as a director and being groomed for the executive fast-track.
- The outside technology consultant with business acumen - loads of hands-on technical experience, but no systems or management experience with this particular company.
What should the CEO do?
Thursday, August 25, 2016
Seven Thoughts on The Seventh Sense
I recently read The Seventh Sense: Power, Fortune, and Survival in the Age of Networks by Joshua Cooper Ramo and did some reflection on my career as a network engineer and consultant.
I've been designing information and communications technology (ICT) networks for the better part of my career. The process, the technology, the methodology have all changed - in some cases dramatically. We no longer build networks for objects to connect to; we build networks to transport information. This may seem a semantic debate, but the two scenarios require very different approaches. And what emerges may be a very different architecture. Building houses for people to live in seems straightforward. But having information like, "all the people are disabled veterans" changes the architecture from a two-floor cape to a single-floor ranch, and alters many other design elements.
Following are the seven thoughts I need to document:
Wednesday, June 01, 2016
Extending Knowledge with Chrome Extension
A bit of Google-ing and a read through the examples on Chrome Extensions, and I was able to create my first very simple Chrome extension.
When I come across a movie that I'd like to see - in a newsreader, YouTube trailer - I like to add it to my Netflix queue. This involves opening a new tab, going to Netflix, typing in the movie name in the search bar and then adding it to my saved queue. It'd be nice to just highlight the movie name text in the page I'm reading, right-click and select "Add to Netflix Queue". So that's what my extension does.
I needed to understand the basic extension manifest, how to use 'contextMenus' and the Netflix search URL. Code can be found on GitHub.
I haven't thought about putting it on the Chrome Store because of the graphics using the Netflix logo. This is not an extension authorized by Netflix so I don't want to have any issues around that. That would of course make installation easier as well as make Chrome not complain and remove the extension on each relaunch due to it not being in the Chrome Store.
I could also look into the Netflix API to see if I could authenticate if not already logged in and do some other checking, but for the 0.0.0.1 version, I'm more than happy I could hack something together that actually works!
Thursday, May 26, 2016
Counterproductive Productivity
After a discussion with a co-worker today, I got to thinking about the artificial walls we're building as we outsource while technology continues to get more integrated. It seems counterproductive.
Programmability and "software-defined" are the latest buzzwords, with vendors providing Application Program Interfaces (API) for integration. But integration points expose only the bare minimum for stable operations. This cause is two-fold: to protect their internal systems as well as limit the non-standard use cases and allow the provider economy of scale. The effect can dramatically limit the options for creative, innovative interoperability.
Can a VoIP vendor offer third-party instant messaging integration? Yes. Will a provider reselling that vendor's system as a service permit third-party instant messaging integration? Maybe not, if their model doesn't include that third-party or they can't measure and thus charge per IM. And that limits what the consumer can do with the service.
I always say the technology is not the limiting factor; we can do anything with technology. Especially someone like me - tenacious, wide skill set, master of none, but I have enough tools in the toolbox to figure something out. If I can't find a hammer I can use a crowbar creatively to pound something into place.
But with a managed service where the vendor is providing the toolbox, maybe all they offer you is a hammer, and then you know, "everything starts to look like a nail."
Tuesday, November 24, 2015
DMVPN IPv6 Easy
I needed to test IPv6 overlay on DMVPN. Easy enough; there are plenty of DMVPN configuration guides out there and even some on IPv6. I tested on a version of 12.4T on 7200-series routers in GNS3 and the config was really as simple as taking my working IPv4 DMVPN setup and adding the same commands with an "ipv6" prefix, using IPv6 addresses and adding IPv6 EIGRP.
Tuesday, August 25, 2015
Perl Automation Saves the Day - 6 of them in fact!
How does one analyze 182,000+ lines of Excel looking for correlations? I suppose there may be some Excel magic, but when IP addresses are involved - and I know Excel hasn't had an out-of-the-box IP network sort order, methinks I'm in for a long slog.
The background: I have an export from a customer IP address management tool and we needed to verify the block type assignments were correct. To do this, I needed to understand the top-level aggregates (IP network and mask) for each top-level container (site). There were around 50 aggregates in each of 6 containers. I then needed to verify if the 30,000+ subnetworks in each container did or didn't fall within the 50 associated aggregate blocks.
Where to begin? Looking at, analyzing and deciding on 1 line per second would still take almost 6 and a half working days (8 hours per day); and 1 per second is a gross underestimate of the actual time required. I needed to automate this somehow.
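The containment check described above, as an added example (not the author's script, which this excerpt does not show): each subnet is tested against the aggregates of its own container using core Perl only. The site names, aggregates and subnet rows are constructed sample data, and the helper names `parse_cidr` and `find_aggregate` are hypothetical.

```perl
#!perl
use strict;
use warnings;

# Parse "a.b.c.d/len" into [network_int, prefix_len, mask_int, original_string].
# Host bits are masked off so "10.10.4.7/22" and "10.10.4.0/22" compare equal.
sub parse_cidr {
    my ($cidr) = @_;
    my ($ip, $len) = $cidr =~ m{^(\d+\.\d+\.\d+\.\d+)/(\d+)$}
        or die "bad CIDR: $cidr\n";
    die "bad prefix length: $cidr\n" if $len > 32;
    die "bad octet: $cidr\n" if grep { $_ > 255 } split /\./, $ip;
    my $addr = unpack 'N', pack 'C4', split /\./, $ip;
    my $mask = $len ? (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF : 0;
    return [ $addr & $mask, $len, $mask, $cidr ];
}

# Return the first aggregate that fully contains $subnet, or undef if none does.
# Containment needs a prefix at least as long as the aggregate's AND a matching
# network under the aggregate's mask; a wider subnet is never "inside".
sub find_aggregate {
    my ($subnet, $aggs) = @_;
    my ($net, $len) = @{ parse_cidr($subnet) };
    for my $agg (@$aggs) {
        my ($anet, $alen, $amask, $acidr) = @$agg;
        return $acidr if $len >= $alen && ($net & $amask) == $anet;
    }
    return;
}

# Constructed sample data: aggregates per container (site).
my %aggregates = (
    SiteA => [ '10.10.0.0/16', '192.0.2.0/24' ],
    SiteB => [ '10.20.0.0/15' ],
);
# Constructed export rows (container, subnet), chosen to include in-range,
# out-of-range, wider-than-aggregate and wrong-container cases.
my @rows = (
    [ 'SiteA', '10.10.4.0/22' ], [ 'SiteA', '10.11.0.0/24' ],
    [ 'SiteA', '192.0.2.0/23' ], [ 'SiteB', '10.21.255.0/24' ],
    [ 'SiteB', '10.10.4.0/22' ],
);

my %parsed;
for my $site (keys %aggregates) {
    $parsed{$site} = [ map { parse_cidr($_) } @{ $aggregates{$site} } ];
}
for my $row (@rows) {
    my ($site, $subnet) = @$row;
    my $agg = find_aggregate($subnet, $parsed{$site} || []);
    printf "%-6s %-16s %s\n", $site, $subnet,
        defined $agg ? "OK within $agg" : 'MISMATCH: outside container aggregates';
}
```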
Friday, August 21, 2015
Notepad++, DBGP and ... Python!
My recent work with Notepad++ got Perl debugging working with the DBGP Plugin. Originally written for PHP debugging, I did a little tweaking on the Perl side and got it working.
I don't know a lick of Python, but could I get Python to work with the DBGP Plugin too? Worth a shot!
Thursday, August 13, 2015
++ for Notepad++
I've been doing some work lately with Notepad++ to get Perl debugging working. I used NppExec to automate a debug command from the Macro menu. But why stop there?
I dove headfirst into customizing Notepad++ into a full fledged Integrated Development Environment (IDE) for coding. I mainly do Perl, but also some C work and lots of Windows batch files. I added an NppExec script to "Compile", "Compile and Run" and "Clean" in build directories. It points to a pretty complex and branching Windows batch file that determines the correct action based on provided arguments and the current file extension.
How does this all work?
Wednesday, August 05, 2015
Debugging Perl Debugger: Part 3 - Automation
We have Perl debugging integrated with Notepad++. We fixed variable values so they show up in watch lists. Now we want to automate the use of Perl debugging directly from Notepad++ while editing a Perl script.
NppExec is a plugin with powerful automation features for Notepad++. The documentation showed it had all I needed to get this to work.
Tuesday, August 04, 2015
Debugging Perl Debugger: Part 2 - Variable Values Vindicated
In yesterday's post, I described how I got Perl debugging integrated with Notepad++. I had issues with watch variables only showing the variable name and type, not the value. I had source code from both the DBGp plugin and the Komodo Perl debugger. My only real option was to change the Perl debugger source as the plugin was written in a language I'm unfamiliar with and didn't have a compiler for.
The DBGp plugin offers a cool button labeled "DBG" which pops up a window with the raw XML messages sent between the debugger and the plugin. Like a packet capture trace file, this was a great place to start. Adding a watch variable and querying its state showed the XML exchange and specifically where the value was returned:

```xml
...
<property name="$VERSION" fullname="$VERSION" encoding="base64" type="scalar" constant="0" children="0" size="25" >
<value encoding="base64">
<![CDATA[MS4wIC0gMjkgSlVMIDIwMTU=]]>
</value>
</property>
...
```
So it was getting sent. Why couldn't the plugin read and display it?
Monday, August 03, 2015
Debugging Perl Debugger: Part 1 - Notepad++ Integration
I use Notepad++ for most of my Windows text-based editing including Perl scripts. Every once in a while I'm stuck and need debugging, but I was too lazy to learn the Perl debugger command line. I had a simple Perl-specific IDE lying around solely to use for the integrated debugging in its Graphical User Interface (GUI). The ideal solution would be Perl debugger integration with Notepad++.
Google searches revealed there was no Perl-specific debugger integration in Notepad++; however, there was a debugger plugin - DBGP Plugin listed on the Notepad++ Plugins list. It was originally written for PHP and Xdebug integration. Further searches and the README led me to believe it may support other programming languages as long as they supported the DBGP - common debug protocol. Could Perl work this way?
Tuesday, July 28, 2015
Comcast PWP is Dead, Long Live VinsWorld.com
With Comcast discontinuing the Personal Web Page (PWP) service as of this October, I needed an alternative to host VinsWorld.com.
From https://publish.comcast.net/splash/, which soon may no longer return a page or even resolve:
Please Note:
Effective October 8, 2015, the Personal Web Page service (feature of XFINITY Internet) will no longer be available. Please retrieve all content currently saved on your site before October 8, 2015 to avoid permanently losing your files and information.
Customers who have activated this feature, please check your email for a special offer.
Monday, July 27, 2015
What a Difference 2 Years Makes
Two years ago, I was using Talkatone to make calls with Google Voice on Wi-Fi while traveling abroad to avoid roaming fees with my cellular carrier.
One year ago, I was using Talkatone as a standalone service to make Wi-Fi calls while on vacation in the mountains - a veritable carrier dead zone - after Google pulled the plug on third-party apps using the Google Voice API.
Now, two years after the first go around, one year later in the same mountain getaway, I changed my "Forward Unreachable" setting to my Google Voice number and could receive calls from anyone on my carrier number via the Hangouts app - provided I was in the cabin where Wi-Fi was strong.
Two years is an eternity in tech and waiting for this Google Voice / Hangouts integration was frustratingly long; however, the pay off was worth it. Next stop, carrier Wi-Fi calling on AT&T ... any bets on how long that one will take?
Friday, June 19, 2015
Internet of Stuff(-it Marketing Fluff)
I've attended a lot of Internet of Things (IoT) talks and webinars lately as it's one of the tech buzz words you'll need to know in 2015. While this is an emerging concept to the discussion as of late, the term itself has been around since 1999 and has been defined, redefined, coopted and usurped by many a vendor to flog their old product with new marketing material.
When it comes to technology marketing, I need three things:
- Vision - sweeping future statement (optionally includes rainbows and unicorns)
- Definition - what does the technology do
- Architecture - how does it do it
When any of the above are not well-defined, vendor slide decks start to look like Swiss cheese.